Real-World Cases

Computer Forensics Team

Law Enforcement Computer Examiner Teams

Aside from small local police departments that only have the resources to assign one detective to computer forensics, most forensics professionals work in teams or task forces. The number of law enforcement personnel assigned to conduct forensic examinations changes from city to city, but is often determined by the size of the department and available personnel and financial resources.

Smaller Consulting Firm Examiner Teams

On the consulting agency side, the size of computer forensic investigation teams depends on the size of the company and volume of business. Some examiners work independently, while some smaller computer forensic firms operate with minimum staff – sometimes as few as two examiners. Typically in this case there is a junior and a senior examiner. The junior examiner may do most of the acquisitions while the senior examiner conducts the analysis.

Larger Consulting Firm Teams

Some of the larger consulting firms have smaller offices all over the country, and sometimes, all over the world. The computer forensics divisions of these firms may be staffed by dozens of examiners. If more support is needed in a specific city for a large computer forensic investigation they are working on, the company will pull examiners in from other cities and states to assist. These larger consulting agencies usually have teams with a forensics manager. Managers often have three to four examiners working for them. Personnel assignments to particular cases are determined by the respective engagement. These agencies typically designate different responsibilities for each team member. For instance, one or two team members may be responsible for retrieving data offsite, while another member is in the lab processing, and another team member is running and analyzing keyword hits.

Advantages of Examiner Teams

Be it a small law enforcement agency or large private consulting firm, working in teams has its advantages. The members of the team complement each others’ strengths, weaknesses, skills, and knowledge areas. For instance, if one team member has in-depth knowledge about Windows forensics, and another team member knows Mac forensics, the lab is capable of performing more examinations than a lab made up of only Windows examiners. This gives the lab diversity, which translates into marketability.